Best practice: SURFconext enables guest use for VU and Amsterdam UMC, location VUmc

Together with SURF, the VU, the Amsterdam UMC - location VUmc - and OCLC were looking for a safe and fast way to give guest lecturers and instructors access to the library's protected resources without having to hold an institutional account with one of these three organisations. They found the solution within SURFconext.

Sander Engelberts (OCLC ) en Rogier de Jong (VUmc)

Access to the university library via SURFconext

The Vrije Universiteit (VU) and Amsterdam UMC, location VUmc, work closely together to train doctors. Students of Medicine and their lecturers at the VU and Amsterdam UMC, location VUmc, have access to the university library's online information. Access is provided through OCLC, a global not-for-profit library partnership. OCLC offers unique research programmes and technology that can be used together and is linked to SURFconext. As a result, users can log in with their institutional account.

How do you arrange access for guest users?

However, there is a group of lecturers at Amsterdam UMC, location VUmc, who do not have an institutional account. They are, for example, employees of mental healthcare institutions and GP centres, where the students do their internships. These lecturers need access to the university library to check the sources that students include in their reports. However, they are not closely enough involved with Amsterdam UMC to offer them a 0-hour contract. How do you arrange access for this group of guest users?

Group managers can now add someone to SURFconext Teams themselves. This provides faster access and significantly reduces the workload for the ICT department.
Rogier de Jong, information analyst, VUmc

Many accounts and many changes

Sander Engelberts (OCLC ) en Rogier de Jong (VUmc)

Rogier de Jong, VUmc (left) and Sander Engelberts, OCLC (right)

"We have thought long and hard about this issue", says former project leader Rogier de Jong, former information analyst at Amsterdam UMC, location VUmc. By 'we' he means Ger Potze, administrator of the VU library; Sander Engelberts, product analyst at OCLC, and himself. Various scenarios were reviewed. For example, they were able to create VU guest accounts for all teachers without an institutional account. However, this would mean that the VU would have to manage about 200 accounts, of which the composition would change quite often. Together with SURF, they came up with a different solution that combines various possibilities of SURFconext. Guest users without a institutional account create an eduID, which enables them to use SURFconext. This process used to take place via Onegini, but this service has phased out SURF and replaced it with eduID.

The personal data remains with the institutions. We don't have to know anything about who is in the groups.
Sander Engelberts, product analyst at OCLC, which is linked to SURFconext

Access with eduID based on SURFconext Authorisation Rules

The guest users are placed in a group via SURFconext Teams. There are 4 groups, for different types of instructors. A decentralised manager independent of the responsible ICT department manages the composition of each group. He or she is also the point of contact. With SURFconext Authorisation Rules, you can determine to which service the group can log in to; not just anyone with an eduID has access. In this case, the groups of guest users have access to OCLC's services, with their eduID.

Direct management

The solution satisfies all parties. Rogier de Jong: "Group managers can now add someone to SURFconext Teams themselves. This provides faster access and significantly reduces the workload for the ICT department."

Sander Engelberts of OCLC is pleased that there is no exchange of personal data. "The personal data will remain with the institutions. We don't need to know anything about who's in the groups." With this solution we comply with the AVG. "Thanks to the activated construction with SURFconext, OCLC no longer has to watch over it." Engelberts is excited. "There's a good chance that two more institutions will come to SURF this year and choose this solution on my recommendation," he predicts.

Thanks to the activated construction with SURFconext, OCLC no longer has to watch over it.
Sander Engelberts, product analyst with OCLC

Accessible login

Christiaan Geertsma, the successor of Rogier de Jong at Amsterdam UMC, location VUmc, is pleased that Onegini has been replaced by eduID. "When guest users wanted to create an Onegini account, they often didn't know what to do halfway through: and now?" He praises eduID's approachability. "A guest user who wants to log in will receive an e-mail with a link that gives him direct access to OCLC's services. You don't even need to create a username and password, although you can create one for those who need it. A link in an e-mail may seem less secure, but it's not. You should be the only one with access to your e-mailbox. It works well, we're happy with it."

Wish: end date membership

There are still a few additional wishes. For example, it would be nice to be able to add an end date to a membership. "We enter into an official 2-year agreement with all guest users. The account should then expire automatically, but that is not yet possible. The group administrator has to check if someone's group membership has to be renewed or not". They are discussing this with SURF. They hear purely positive noises from the end users about the ease of logging into the university library, wherever and whenever they want.

Read more about SURFconext

About eduID

SURF's eduID project has been launched to support flexible education and lifelong development. The plan is ultimately to provide all students and researchers in the Netherlands with an eduID. That is not yet the case, but SURF is already going to use eduID for specific target groups. An example: People who need access to the services of certain educational or research institutions but do not have an account themselves.

Read more about eduID

SURFconext Authorisation Rules
SURFconext flow route VUUMC